
alphadogg writes "Users of the BitDefender antivirus software started flooding the company's support forums Saturday, apparently after a faulty antivirus update caused 64-bit Windows machines to stop working. The company acknowledged the issue in a note explaining the problem. 'Due to a recent update it is possible that BitDefender detects several Windows and BitDefender files as infected with Trojan.FakeAlert.5,' the company said. The acknowledgment came after BitDefender users had logged hundreds of posts on the topic. Some complained of being unable to reboot their systems."

Sure. It is called trusted computing. But who is the gatekeeper of trust? In order to only allow "KNOWN GOOD FILES" you need a white-list. That means that no mere user is going to be able to write his own software. That means that small software producers are going to have to go through an arduous and prohibitively expensive vetting process in order to be white-listed. In practice this means that only Microsoft and its partners will be able to produce software for your pc at a reasonable price. This could even mean that user generated data files are not trusted and therefore not allowed, making the pc a device for consuming content. Perhaps the user could produce content remotely through software as a service providers, who would either charge highly or claim ownership rights to your content.

It's a big step to presume that the user won't be able to just click on an Ignore button and continue. After all, that's how it works now on most security software, isn't it?

Small software producers already have to go begging the antivirus companies to whitelist their software when it hits one of their poorly made signatures. I've seen several cases where they get some random malware with a common software protection system and suddenly any software that uses that protection system shows up as a threat (I'm

You've gone from "files signed by known providers should be whitelisted" to "zomg end of software freedom!" which is crazy. Having a valid signature means the file can be skipped, but not having one doesn't mean the file would necessarily be identified as bad. I agree with the OP - why the hell isn't BitDefender whitelisting files signed with known good keys? Surely that's one of the first things a virus scanner should implement?

And why hasn't the "security industry" started to validate hashes and signatures and checksums on KNOWN GOOD FILES yet?

It's a good question but a better one would be 'Why do virus scanners have to exist at all?'

It's deeply sick to have to check all files against a huge list of checksums of magic incantations. It's better, but still not good to keep a list of checksums of files that don't contain magic windows-trashing incantations. The real solution is to not use an OS that is so easy to subvert.

LOL. Go preach that junk to a college kid. They might buy it. Outside of not running by admin as default (which has been on MS OS's for like 5 years now so get with the times) is the user based is culled by default.

If your typical dumbass uncle was running Linux and installing crap, their computer would be infested too. Well, except for the crap that nothing he wants to install actually runs on Linux.

LOL. Go preach that junk to a college kid. They might buy it. Outside of not running by admin as default (which has been on MS OS's for like 5 years now so get with the times) is the user based is culled by default.

If your typical dumbass uncle was running Linux and installing crap, their computer would be infested too. Well, except for the crap that nothing he wants to install actually runs on Linux.

Who ever said running as admin was the problem here? Running a web browser or email client as a non-admin user doesn't make the virus problem go away.

You should look at the software packages that come with ubuntu, there is software for everything. Just about anything my uncle would want to do can be catered for by software that can be downloaded by ubuntu's tools without messing around manually downloading stuff and without having to get out a credit card.

I avoided saying that. I also didn't mention security in general, the discussion was about viruses in particular.

Forget Linux and Unix for a moment. What about VMS, OS/390, or Nokia OS? You can't tell me there are not a very large number of devices running Nokia OS that run all day every day. How come these devices are not crawling with viruses? They are general purpose computing devices too, all the weird and wonderful software these things can run proves that.

As you know, software has to be written once, no matter if it is then supposed to run on one or a million devices. Writing malware for VMS or OS/390 is pretty much pointless, since these machines are rarely found in the hands of inapt administrators/users, and even less likely in the homes of anyone who isn't at least to some degree quite geeky. You simply get the best penetration with an OS that has the largest userbase.

If there were sufficient motivation, people would write scripts to wget ubuntu rootkits and sudo make install them, and it would be posted to an ubuntu wiki, and thousands of people would end up on the ubuntuforums complaining about viruses and how they thought ubuntu was immune.

This keeps coming up on slashdot, linux is not some magical barrier to viruses. Windows has its share of blame for crappy security, but many viruses are from users downloading stuff-- and the ones that AREN'T (ie, most of them n

Any OS is easy to subvert and hijack as long as the user grants root/admin/whatevertheheadhonchoiscalled access to any moronic program that zips about and refuses to run without. It's called the Dancing pig problem [wikipedia.org]. While I can agree that it is exceptionally bad in Windows, where programs like games routinely require admin privileges to install (and quite often to run, too), this is not to blame on the OS itself. You could get the same kind of crappy

'tween you'n me... we do that already. Whitelisting is pretty much the ONLY way how contemporary scanners can be halfway decently fast. But those guys that make the other software are really, really spitting in our soup. They dare to launch updates for their software without notifying us. They just do, imagine, what cheek! And then they go and ram that up our ass... well, up our customer's ass and we don't know about it. Now, as you may imagine, especially system files and here es

Or maybe they should have put up a payment screen on their site, "We're sorry, your antivirus subscription has expired. To prevent your computer from being exposed to malware and virii, we have taken the proactive step of disabling your computer until you have made payment. For the low renewal fee plus a small reactivation fee of $199, we will be happy to walk you through the re-enablement process. Have a nice secure day!"

According to a quick bit of research, the Latin "virus" that is the root is declined in singular only [wiktionary.org], so you would presumably use the singular always.
There IS a "vir" which is declined to "viri" (long i) in the plural, however that refers to "man", so is totally unrelated. Regardless, the word we use today is an English word with a different meaning, so regardless of how the base word was originally declined, it is not done that way in English. We do not tack on endings to "faithful" as we would to "fi

Not all Latin words ending in "-us" had plurals in "-i". "Apparatus", "cantus", "coitus", "hiatus", "impetus", "Jesus", "nexus", "plexus", "prospectus", and "status" were 4th declension in Latin, and had plurals in "-us" with a long "u". "Corpus", "genus", and "opus" were 3rd declension, with plurals "corpora", "genera", and "opera". "Virus" is not attested in the plural in Latin, and is of a rare form (2nd declension neuter in -us) that makes it debatable what the Latin plural would have been; the only plural in English is "viruses". "Omnibus" and "rebus" were not nominative nouns in Latin. "Ignoramus" was not a noun in Latin.

Simpler explanation: Latin plurals ending in -ii (eg. filii, anything ending in -arii, nuntii) come from singulars ending in -ius, so the -us -> -i 2nd declension plural rule still holds. "virii", if it exists, can only be a plural of "virius".

Virus comes to English from Latin. The Latin word vīrus (the ī indicates a long i) means "poison; venom", denoting the venom of a snake. This Latin word is probably related to the Greek ἰός (ios) meaning "venom" or "rust" and the Sanskrit word visham meaning "toxic, poison".[2]

Since vīrus in antiquity denoted something uncountable, it was a mass noun. Mass nouns — such as

You can do that, but that doesn't make it correct usage. The way languages work is that they have certain "correct" spellings and grammar; you're free to ignore them, but you will be incorrect in doing so.

Disclaimer: I make no claim to the correctness or lack thereof within this post.

We're using English. To hell with "correct" parlance in terms of any foreign and/or dead language. English is based on several different languages, including Latin, and bastardizes huge parts of all of them. Latin should not be exceptional in its retained purity.

"Virii," if it suits you. "Viruses" if it does not. "More than one virus" if you can't decide, though such phraseology reeks of superfluous verbosity.

You missed the point. We aren't speaking Latin, so Latin rules do not apply, the English ones do. You are certainly free to mismatch your subject and verb tenses, but to try to claim it is correct is silly. Likewise you are free to give "virus" an inappropriate ending, but anyone with authority on the subject will call it incorrect.

This isn't a subjective thing, there is a right and a wrong when it comes to English syntax and word construction.

It's a new security paradigm. The newly locked down computer will not run anything, and therefore no virii, malware, bots, or solitaire, will run. Truly they've created the "most secure antivirus ever".

This actually happened to me, at first I couldn't log in with my password, had to use Bart's PE disc to reset that, then I couldn't get any icons on my desktop or use the start button, then just a black screen, I thought I had a virus for real, so I reformatted, this was yesterday, wish I could have seen this but I don't know how they would have reversed it anyway.

That is why I use and would recommend Comodo Time Machine [comodo.com] as it gives you a nice little screen before boot where you just hit the home key and can restore your machine from snapshot before the little boo boo. And if the Bitdefender burn has turned you off of them I would try Comodo AV/Firewall [comodo.com] from the same company. Both are free, no nags or need to register, and I have been running it on both 32 and 64 bit XP and Windows 7.

Note-not affiliated with the company, just a humble PC repairman that has tried just about every AV and security software out there and found Comodo to be the best all around. I have been running them on XP X64 for a couple of years now and never had any show stoppers like this. In fact the only problem I've ever seen with a Comodo product is you can't run Time Machine in a dual boot with Windows 7 and XP because 7 changes drive letters, but even then there wasn't any hangup or problems, it simply wouldn't install.

But if your machine is running a single OS Time Machine can keep problems like TFA from happening. I have had family members bork their machines beyond booting and with Time Machine I was able to walk them through restoring from snapshot in under 15 minutes. Hell of a lot better than a multi-hour reinstall.

I only run Windows software in a VM these days - all the stuff I want to be fast, stable, secure and safe I do under Ubuntu. Windows 7/xp both work fine under the free VM Player. None of this malware crap for me, thanks.

The newer generation of *ubuntu users will only get their apps from the official repositories (yeah I know, a weird concept to the MS world) and be protected that way.
Hard core Linux fans would find your type of exploit before it could do harm, after all they'd only use Open Source apps, right?

I'm wagering (not 100% sure) that System Restore would also have been able to repair the parent's issue, it sounds like he didn't bother to try it before reformatting. But it definitely can replace lost system DLL files.

System Restore saves incremental snapshots of the system files to subdirectories in the SystemVolumeInformation folder on your hard disk. It doesn't do the whole drive, and usually has a limited number of snapshots which you can use. Most of these time machine style programs take snapshots of the entire drive and back it up to a separate partition or drive. They usually give you more control over what can be restored and what times you can restore from. Usually you can also run restores by booting a CD or f

This is why I would recommend a Mac, or at least something other than Windows. The anti-malware that you have to use on Windows is sometimes almost as bad as the malware itself.

Windows, in and of itself, has become a stable, useful operating system. It's come a long way from the unstable 9X days, and truthfully, in some ways it's easier to use than OS X. Were it not for the security issue, I might still be running Windows at home. But the cost in

Yet for some reason I have friends asking what Mac AV to use, which means shortly they will be running crappy, poorly written antivirus software as well. The OS isn't really any kind of protection against this, what kind of crazy world is this where technical people are blaming the OS for what a low-level piece of software managed to do to it?

It's not that simple in reality. Obviously you can test RTM, service packs, etc, but system files can also be updated in individual security patches. It's simply not feasible to test every single security patch for every single supported system and platform, at least not if you want timely definition updates. Perhaps in the future Microsoft could make all released binaries available for AV vendors to regression test against.

It's not that simple in reality. Obviously you can test RTM, service packs, etc, but system files can also be updated in individual security patches. It's simply not feasible to test every single security patch for every single supported system and platform, at least not if you want timely definition updates

An excellent point, and if only a small number of users were affected, it may be relevant. Unfortunately, at least based on the article and the volume of reports, all you need is a run-of-the-mill 64-bi

This seems to be a semi-common issue. One place I kill time at uses Trend Micro on a couple of machines, and two updates within the past eight months have broken networking in funky ways that made updating impossible until workarounds were determined.

AV signatures get updated at the very least twice a day. In some companies, the (internal) update cycle is 3-4 hours. And not all of them have the manpower of Kaspersky. The whole signatures-packaging is often a job for one or two people. Sure, 99% of it is automated, but that's also one of the reasons why something like this can happen.

One good reason for something like this happening is what I like to call the "race for a First". Being the first to detect something.

I remember a few years ago that an update to the compulsory antivirus software on some of our PCs at work went ahead and deleted some important Windows system files if you had it configured to auto-scan the disk; mine wasn't so I was able to disable it before losing the files, but anyone who let it run overnight came into work to find a dead PC waiting for them.

This happened to me, too... bitdefender would flag nearly any file, and it first flagged a file that I had just updated, so I was genuinely concerned. The next file it flagged, however, was usbstor.sys, so I knew the AV was probably wrong.

Some people were running virus scans... tens of thousands of false detections, and all of the files were quarantined or deleted... it was a really bad situation for many. I'm not sure how non-technical users fared.

I use bitdefender on my computer only - I like the aggressive detection capabilities and reporting options. However, no one else in my house wants to know what their AV is doing - they just want it to work - and bitdefender is probably the worst option for them.

Another Antivirus software package (COMODO) has caused problems of this nature for me at work - it updated, asked to reboot and on rebooting we were just presented with a black screen, the desktop wouldn't load. Fortunately we were able to reboot into safe mode and just uninstall it until there was an update issued, but it was still part of a morning lost...
While it's impossible to test every configuration ever, I'd have thought that something that would affect EVERY system in an office using this softwar

Interestingly enough, even companies that test every software update before rolling it out on their network often pass virusscanner database updates untested. This means they are at constant risk of disabling their entire computer network due to a mistake of the virusscanner maker.
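Several comments above suggest skipping known-good files by hash and regression-testing definition updates against known-good binaries before they are released or rolled out. A minimal sketch of both checks follows, as an added example that is not part of any comment and not BitDefender's or any other vendor's process; the file contents, byte patterns and function names are constructed for illustration.

```python
import hashlib

# Constructed stand-ins for known-good binaries (not real file contents).
KNOWN_GOOD_FILES = {
    "usbstor.sys": b"MZ constructed storage driver | common-protector-stub",
    "winlogon.exe": b"MZ constructed logon binary",
    "av_engine.dll": b"MZ constructed scanner engine | common-protector-stub",
}

# Constructed definition sets: detection name -> byte pattern.
CURRENT_DEFS = {"Trojan.FakeAlert.5": b"constructed-fakealert-marker"}
# Faulty update: the pattern was cut from a sample that shared a common
# protection stub with legitimate software, so it is far too broad.
FAULTY_DEFS = {"Trojan.FakeAlert.5": b"common-protector-stub"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Map SHA-256 digest -> file name for every known-good file."""
    return {sha256_hex(data): name for name, data in files.items()}


def scan(data: bytes, definitions: dict) -> list:
    """Return the names of all definitions whose pattern occurs in data."""
    return sorted(name for name, pattern in definitions.items() if pattern in data)


def regression_gate(definitions: dict, corpus: dict) -> dict:
    """Scan the known-good corpus; any hit is a false positive that blocks release."""
    hits = {name: scan(data, definitions) for name, data in corpus.items()}
    return {name: found for name, found in hits.items() if found}


def verdict(data: bytes, definitions: dict, manifest: dict) -> str:
    """Endpoint-side decision: only an exact hash match on the manifest
    suppresses a detection; a modified copy of a known file is still flagged."""
    found = scan(data, definitions)
    if not found:
        return "clean"
    if sha256_hex(data) in manifest:
        return "allowlisted"  # suppress quarantine, report the false positive
    return "detected"


if __name__ == "__main__":
    manifest = build_manifest(KNOWN_GOOD_FILES)
    for label, defs in (("current", CURRENT_DEFS), ("faulty", FAULTY_DEFS)):
        false_positives = regression_gate(defs, KNOWN_GOOD_FILES)
        print(label, "release allowed:", not false_positives, false_positives)
    tampered = KNOWN_GOOD_FILES["usbstor.sys"] + b" appended bytes"
    print(verdict(KNOWN_GOOD_FILES["usbstor.sys"], FAULTY_DEFS, manifest))
    print(verdict(tampered, FAULTY_DEFS, manifest))
```

The gate only catches false positives on files that are in the corpus, which is the limitation raised elsewhere in the thread about individually patched system files.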

It never ceases to amaze me how much Windows users will endure.. Perhaps they are masochists and enjoy the pain of having their system occasionally rendered useless.. Living a life full of worry that their machine is an accidental click away from hours of removing crap from their system, followed by weeks of wondering whether or not they got all the cancer out.. Perhaps they enjoy the challenge of constantly defending themselves.. Proving that they are SMARTER than the other masochists that get burned.. Keep

One of the things that precipitated my move to Linux was the way Kaspersky -- at the time, the top-rated security suite -- was shutting down my LAN. There were lots of posts on the official forums complaining about the problem, a handful of useless responses from users guessing at which part of the suite might be the source of the problem, and about which of the undocumented menu options might disable that part of the suite, and one short, incomprehensible message from one of the developers, suggesting they were looking into the problem, from several months before.

My experience with security software for Windows is that they bog down the operating system, disable basic features of the operating system without warning, and cause frequent crashes -- the very problems that they warn malicious software may cause. Simply put, malicious software *may* cause problems for Windows, but most third-party security software *will*.

To Microsoft's credit, they finally sealed some of the fundamental security holes with Vista and Windows 7, and they offer a decent security suite for free, so there's really no longer any reason to buy one of these wretched third-party security suites.

On the whole, though, you'll still get better security by switching to Linux, or at least Mac OS X.

Well, you really don't need a 3rd party security application to make your machine secure. We just saw the other day http://ask.slashdot.org/story/10/03/18/1831246/What-Free-Antivirus-Do-You-Install-On-Windows [slashdot.org] that many people have good things to say about MS Security Essentials as an anti-virus program. As advanced users, we also all know what the weak link is: end users who click on and run any old thing. Honestly, take a modern version of Windows (Vista or Windows 7) and the out of box (and on by default)

You, good sir, are an idiot. This update has nothing to do with Windows updates. Before you go on a rant about something you obviously have no clue about, how about RTFA first.

I guess you must work in the food industry after all, probably the dumb fuck who always messes up my food when I go out to eat. Perhaps the root of the problem for you, was that your mom did drugs and drank while you were developing, and then she opted for a water-birth and you drowned a bit too long after you fell out of her cunt.

Why exactly would Microsoft give you support for a 3rd party application that has fucked up?

You saw the word "defender", automatically assumed it was another MS problem, and couldn't wait to add your 2 cents. Don't worry, you're not the first person in this thread to have egg on their face, and you probably won't be the last.